DID Auth
DIDs and Verifiable Credentials (VCs) have many uses, and DID authentication is a common one. One way to implement a decentralized login mechanism is to give users full control over the DIDs they use for an application's Sign Up and Login features. Keep in mind that this is just one approach; other DID authentication methods can be used.
1. The user clicks the Sign Up button on the example website.
2. The website calls the backend API server to generate a Verifiable Credential containing some data (such as the user's name, username, etc.). This can be any arbitrary data that Company A wants to put in the Verifiable Credential it issues using its DID private key.
3. The backend API server sends the generated VC back to the example website.
4. The website calls the "saveVC" API of Identify Snap to save this newly generated VC in the snap storage within MetaMask.

1. The user clicks the Login button on the example website.
2. The website calls the "getVCs" API of Identify Snap to retrieve all the VCs that are in the user's snap storage within MetaMask.
3. The website displays the list of the user's VCs, and the user selects which VC to use to log in to the website.
4. After the user chooses the VC to log in with, the website calls the "createVP" API of Identify Snap to generate a Verifiable Presentation from the chosen VC. Developers may choose to add a "challenge" when calling this snap API for additional security.
5. The website sends the VP to the backend API server, which calls a VP verification method to ensure that the VP and VC are legitimate and signed by Company A's DID, and that the VP does belong to the user.
6. The backend API server sends a message to the website saying everything was verified successfully and logs the user into the website.
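The backend side of the "challenge" mentioned in the Login flow above, as an added example (not code from the Identify Snap project): the server issues a one-time challenge before the website calls "createVP", then checks the returned VP for that challenge, Company A's issuer DID and the holder/subject binding. The decoded VP shape (holder, proof.challenge, a single VC object), the function names and the did:example values are assumptions; verifying the VP and VC signatures is left to the backend's verification library.

```javascript
const { randomBytes } = require("crypto");

const ISSUER_DID = "did:example:company-a"; // placeholder for Company A's DID
const CHALLENGE_TTL_MS = 2 * 60 * 1000;
const pending = new Map(); // challenge -> expiry (ms); use a shared store across servers

// Called when the user clicks Login, before the website calls "createVP".
function issueChallenge(now = Date.now()) {
  const challenge = randomBytes(32).toString("hex");
  pending.set(challenge, now + CHALLENGE_TTL_MS);
  return challenge;
}

// Checks run on the decoded VP (assumed shape) before signature verification.
// On success the caller must still verify the VP and VC signatures with its
// verification library, against the returned challenge, before creating a session.
function checkPresentation(vp, now = Date.now()) {
  const challenge = vp && vp.proof && vp.proof.challenge;
  const expiry = pending.get(challenge);
  if (expiry === undefined) return { ok: false, reason: "unknown-or-replayed-challenge" };
  pending.delete(challenge); // single use, even when a later check fails
  if (now > expiry) return { ok: false, reason: "expired-challenge" };

  const vcs = [].concat(vp.verifiableCredential || []);
  if (vcs.length !== 1 || !vcs[0] || typeof vcs[0] !== "object")
    return { ok: false, reason: "expected-one-credential" };
  const vc = vcs[0];
  const issuer = typeof vc.issuer === "string" ? vc.issuer : vc.issuer && vc.issuer.id;
  if (issuer !== ISSUER_DID) return { ok: false, reason: "untrusted-issuer" };
  // The presenter (holder) must be the subject the credential was issued to.
  const subject = vc.credentialSubject && vc.credentialSubject.id;
  if (!vp.holder || vp.holder !== subject) return { ok: false, reason: "holder-mismatch" };
  return { ok: true, challenge, subject };
}

// Constructed sample: a decoded VP wrapping one VC issued by Company A.
function sampleVp(challenge, overrides = {}) {
  return {
    holder: "did:example:alice",
    verifiableCredential: [
      { issuer: ISSUER_DID, credentialSubject: { id: "did:example:alice", username: "alice" } },
    ],
    proof: { challenge },
    ...overrides,
  };
}

const demoChallenge = issueChallenge();
console.log(checkPresentation(sampleVp(demoChallenge))); // first presentation passes the checks
console.log(checkPresentation(sampleVp(demoChallenge))); // same VP replayed is rejected
```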
If you would like to see an example project implementing this exact DID auth mechanism, check out the following repos:
Example Site that integrates with Identify Snap:
Available on http://localhost:8000/login
Example Backend API server that uses Veramo agent to issue verifiable credentials automatically: https://github.com/tuum-tech/identify/tree/main/packages/backend